Updates from February, 2012

  • Suherman 11:44 on 23 February 2012
    Tags: contoh, firewall, iptables, sample

    Sample iptables command 

    # iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP  ## block (-j DROP) or accept (-j ACCEPT) traffic from a MAC address

    # iptables -A INPUT -s 192.168.1.0/24 -p icmp --icmp-type echo-request -j ACCEPT
    # iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
    # iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -j DROP

     
  • Suherman 15:11 on 8 December 2011
    Tags: Proxy, Transparan

    Transparent Proxy

    Lab on VMware Workstation, OS CentOS 5.6

    Configuration with 1 Ethernet card

    192.168.16.97/24

    # rpm -qa | grep squid

    squid-2.6.STABLE21-6.el5

    # grep '^[^#]' /etc/squid/squid.conf

    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl Safe_ports port 53          # DNS
    acl CONNECT method CONNECT
    http_access allow all
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access deny all
    icp_access allow all
    http_port 3128 transparent
    hierarchy_stoplist cgi-bin ?
    cache_mem 100 MB
    access_log /var/log/squid/access.log squid
    acl QUERY urlpath_regex cgi-bin \?
    cache deny QUERY
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern .               0       20%     4320
    acl apache rep_header Server ^Apache
    broken_vary_encoding allow apache
    visible_hostname localhost.localdomain
    dns_nameservers 208.67.222.222 208.67.220.220
    coredump_dir /var/spool/squid
    acl lan src 192.168.16.0/24
    http_access allow localhost
    http_access allow lan
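
Squid evaluates `http_access` lines top to bottom and stops at the first one that matches, so the position of `http_access allow all` in the listing above decides what every later rule can do. The following Python check is an added example, not part of the original post; the function names and the `REORDERED` rule list are assumptions made for illustration.

```python
# Added example (not from the original post): audit squid http_access order.
ORIGINAL = """\
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.16.0/24
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_access allow localhost
http_access allow lan
"""  # acl/http_access lines copied in order from the listing above

REORDERED = """\
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.16.0/24
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow lan
http_access deny all
"""  # assumption: one possible ordering that limits clients to the lab LAN

ANY_SRC = {"0.0.0.0/0", "0.0.0.0/0.0.0.0", "all"}

def parse(conf):
    """Return (names of ACLs matching every source, ordered http_access rules)."""
    catch_all, rules = set(), []
    for n, line in enumerate(conf.splitlines(), 1):
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            if any(v in ANY_SRC for v in tok[3:]):  # values on one acl are ORed
                catch_all.add(tok[1])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((n, tok[1], tok[2:]))
    return catch_all, rules

def audit(conf):
    """Find the first rule that matches every client; later rules never run."""
    catch_all, rules = parse(conf)
    for i, (n, action, acls) in enumerate(rules):
        if all(a in catch_all for a in acls):  # ACLs on one rule are ANDed
            dead = [" ".join(["http_access", a, *x]) for _, a, x in rules[i + 1:]]
            return {"line": n, "action": action,
                    "allows_any_source": action == "allow", "unreachable": dead}
    return None
```

`audit(ORIGINAL)` stops at the `allow all` rule on line 3 of the sample and lists the eight rules after it as unreachable, including `http_access allow lan`; `audit(REORDERED)` stops at the final `deny all` with nothing after it.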

    The iptables settings are as follows:
    # /sbin/iptables -I INPUT -s 192.168.16.0/24 -p tcp --dport 3128 -j ACCEPT

    # /sbin/iptables -t nat -I PREROUTING -s 192.168.16.0/24 -d 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 3128

    # /sbin/iptables -t nat -I POSTROUTING -s 192.168.16.0/24 -d 0/0 -o eth0 -j MASQUERADE

    Thanks to: Banf Fi, Am3n and Iqbal

     
  • Suherman 10:36 on 8 December 2011
    Tags: dhcp, setting

    DHCP Server 

    The steps to set up a DHCP server on CentOS are as follows:

    # yum install dhcp

    # vim /etc/dhcpd.conf

    ddns-update-style interim;
    ignore client-updates;

    subnet 192.168.16.0 netmask 255.255.255.0 {
        option routers                  192.168.16.1;
        option subnet-mask              255.255.255.0;
        option domain-name-servers      192.168.16.100;

        range dynamic-bootp 192.168.16.151 192.168.16.175;
        default-lease-time 21600;
        max-lease-time 43200;
    }

    # chkconfig --level 234 dhcpd on

    # service dhcpd start

    # service dhcpd status
    
     
  • Suherman 20:13 on 7 December 2011

    Transparent proxy

    I'm about to try building a transparent proxy; the server running at the office uses a transparent proxy with 2 eth.
    Once it works I'll post an update, along with the source links.

     
  • Suherman 09:22 on 11 February 2011

    SECURE SSH

    Here is how to secure SSH

     